Check Point researchers discovered major security vulnerabilities on popular OkCupid dating app.
According to researchers Alon Boxiner and Eran Vaknin, OkCupid has more than 50 million registered users, the majority aged between 25 and 34. The company claims that over 91 million connections are made through it annually.
The vulnerabilities the researchers found could have allowed attackers to:
- Expose users’ sensitive data stored on the app.
- Perform actions on behalf of the victim.
- Steals users’ profile and private data, preferences and characteristics.
- Steals users’ authentication token, users’ IDs, and other sensitive information such as email addresses.
- Send the data gathered to the attacker’s server.
After Check Point Research informed OkCupid developers about the vulnerabilities exposed in this research, a solution was responsibly deployed to ensure its users can safely continue using the OkCupid app, note the researchers.
OkCupid added: “Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours. We’re grateful to partners like Checkpoint who with OkCupid, put the safety and privacy of our users first.”